[PATCH] Re: patch to add "winbind domain before username" parameter, and bugfix for handing of template homedir

rick at microway.com rick at microway.com
Sat Nov 23 22:28:15 MST 2013

Would adding a warning to the man page for this option that this shouldn't
be used in multi-domain environment be sufficient?

I think there are plenty of single-domain environments that could benefit
from this.

Regarding the input/output matching.  I'm not exactly sure what you mean
by this.  I'm trying to make the username match the unix norm as this is
primarily a Linux shop. We only have 1 domain and I was hoping the new
Samba 4 would allow me to do a single sign on for everyone now, easily. I
have that mostly working so far, using this patch.

Is there something I could change to help meet your criteria?


Sorry for the delay in my response - was away on business w/ poor wifi.

> On Wed, 2013-11-20 at 20:55 -0500, rick at microway.com wrote:
>> Can this patch please be accepted?
>> Thanks,
>> Rick
>> > Hi All,
>> >
>> > Using samba4, I have now had a problem where the usernames pulled from
>> > winbind all had the domain name prepended to them.  I found a bug
>> report
>> > from a couple years ago of someone complaining of the opposite, and
>> the
>> > code was changed at that time to prepend "DOMAIN\user" instead of just
>> > "user".
>> >
>> > I have made a patch now to add the smb.conf global parameter:
>> > "winbind domain before username".  I have it defaulting to true to
>> > preserve
>> > the current behavior, but if you set it to false/no you will get just
>> the
>> > regular username from both wb_cmd_getpwnam.c and wb_cmd_getpwuid.c
> The parameter you are looking for is "winbind use default domain".  I'm
> not opposed to this being added, but if we did it this way, we would
> block the multi-domain work.  We are trying to swap the source3 winbind
> at the same time, but in the meantime we need to ensure we don't break
> that future use case, by only doing this for the default domain.
> The main issue I have is that your change isn't symmetric.  We need the
> input and output code paths to match.
> I would also be cautious, because we got into a lot of trouble when we
> did 'winbind use default domain' in the source3 code, and while I very
> much understand why you want it (I added that originally), I'm also
> aware of the issues.
>> > Also, I have found a bug in the "template homedir" parameter. The
>> manpage
>> > and docs I've read all refer to using %D to represent the domain, and
>> %U
>> > to represent the username. However, the code was actually using
>> > %WORKGROUP% and %ACCOUNTNAME%.  I left the handling for those 2, but
>> added
>> > in the %D and %U as referenced elsewhere.
>> >
>> > This patch handles both the new feature and the bugfix.
> I'm aware of this inconstancy.  We probably need to make the code cope
> with both in both winbind trees, it comes from the merging of the two
> code bases.
> Sorry we took so long to get back to you,
> Andrew Bartlett
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Catalyst IT                   http://catalyst.net.nz

More information about the samba-technical mailing list